/**
 * Serialize a PGPKeyPair
 *
 * <p>Use this to serialize a PGPPrivateKey as well (pairing it with the corresponding
 * PGPPublicKey), as private keys can't be serialized on their own.
 */
public static byte[] serializeKeyPair(PGPKeyPair keyPair) throws IOException, PGPException {
  try (ByteArrayOutputStream byteStream = new ByteArrayOutputStream()) {
    // NOTE: We have to close the ArmoredOutputStream before calling the underlying OutputStream's
    // "toByteArray". Failing to do so would result in a truncated serialization as we took the
    // byte array before the ArmoredOutputStream wrote all the data.
    //
    // Even "flushing" the ArmoredOutputStream isn't enough - as there are parts that are only
    // written by the ArmoredOutputStream when it is closed: the "-----END PGP PRIVATE KEY
    // BLOCK-----" (or similar) footer.
    try (ArmoredOutputStream out = new ArmoredOutputStream(byteStream)) {
      new PGPSecretKey(
          keyPair.getPrivateKey(),
          keyPair.getPublicKey(),
          new JcaPGPDigestCalculatorProviderBuilder()
              .setProvider("BC")
              .build()
              .get(HashAlgorithmTags.SHA256),
          true,
          null).encode(out);
    }
    return byteStream.toByteArray();
  }
}
 

/**
 * Taking in a file inputstream and a passPhrase, generate a decrypted file inputstream.
 * @param inputStream file inputstream
 * @param passPhrase passPhrase
 * @return
 * @throws IOException
 */
public InputStream decryptFile(InputStream inputStream, String passPhrase) throws IOException {

  PGPEncryptedDataList enc = getPGPEncryptedDataList(inputStream);
  PGPPBEEncryptedData pbe = (PGPPBEEncryptedData) enc.get(0);
  InputStream clear;

  try {
    clear = pbe.getDataStream(new JcePBEDataDecryptorFactoryBuilder(
        new JcaPGPDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(passPhrase.toCharArray()));

    JcaPGPObjectFactory pgpFact = new JcaPGPObjectFactory(clear);

    return new LazyMaterializeDecryptorInputStream(pgpFact);
  } catch (PGPException e) {
    throw new IOException(e);
  }
}
 

public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData,
        char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException {

    // load the secret key ring
    PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC);

    PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
    PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv)
        .setProvider(PGPUtils.PROVIDER)
        .build(oldPassphrase);

    PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256);
    PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc)
        .setProvider(PROVIDER).build(newPassphrase);

    try {
        return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor);
    } catch (PGPException ex) {
        // treat this special, cause most like the decryption password was wrong
        throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex);
    }
}